Add missing CSRF checks

Frédéric Guillot
2021-06-05 14:33:19 -07:00
committed by fguillot
parent 41102ec161
commit 71123b0f37
23 changed files with 58 additions and 17 deletions


@@ -23,6 +23,13 @@ class TaskListController extends BaseController
$project = $this->getProject();
$search = $this->helper->projectHeader->getSearchQuery($project);
if ($this->request->getIntegerParam('show_subtasks') !== 0 ||
$this->request->getIntegerParam('hide_subtasks') !== 0 ||
$this->request->getStringParam('direction') !== '' ||
$this->request->getStringParam('order') !== '') {
$this->checkReusableGETCSRFParam();
}
if ($this->request->getIntegerParam('show_subtasks')) {
session_set('subtaskListToggle', true);
} elseif ($this->request->getIntegerParam('hide_subtasks')) {
@@ -41,7 +48,7 @@ class TaskListController extends BaseController
$this->userSession->setListOrder($project['id'], $order, $direction);
$paginator = $this->paginator
->setUrl('TaskListController', 'show', array('project_id' => $project['id']))
->setUrl('TaskListController', 'show', array('project_id' => $project['id'], 'csrf_token' => $this->token->getReusableCSRFToken()))
->setMax(30)
->setOrder($order)
->setDirection($direction)
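Review bot: The paginator URL in the second hunk now carries the reusable CSRF token as a `csrf_token` query parameter, so the token ends up in browser history, web-server access logs and, unless a restrictive referrer policy is sent, in the Referer header of requests to links on the task list page. Because the token is reusable rather than single-use, a leaked value presumably stays valid for as long as the session does; it is worth confirming that responses carry `Referrer-Policy: no-referrer` (or `same-origin`) and that access logs are handled as sensitive data. In the first hunk the guard lists `show_subtasks`, `hide_subtasks`, `direction` and `order` by hand, so any state-changing GET parameter added later must be added there too; a comment above the `if` such as `// Every GET parameter that changes session state must be listed here so the CSRF check covers it.` would make that requirement explicit. The enclosing method starts and ends outside both hunks.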